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The method involves defining a degree of access to the operating system resources for the 
software program. A file associated with the software program is examined to determine 
the degree of system-level access available to the software program when the software 
program is being executed by the computer. The software program is executed on the 
computer and a program instruction associated is intercepted with the software program 
when the software program is being executed on the computer. If the program instruction 
includes an operation that is outside the degree of system-level access available to the 
software program is determined. The program instruction is executed when it is 
determined that the software program has permission to access system-level resources 
associated with the computer that are within the degree of system-level access available 
to the software program. 
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Original Abstract: 

Methods, systems, and software for installing and operating selected software 
applications on a client computer that is in communication with a server computer on a 
computer network are described. In one aspect of the present invention, a method for 
controlling the degree of access to operating system resources for a software program 
running on a computer that is running said operating system is provided. The degree of 
access to the operating system resources is defined for the software program, and at least 
one file including instructions for executing the software program is loaded on the 
computer from the server computer. The file is examined to determine the degree of 
system-level access available to the software program when the software program is 
being executed by the computer. The software program is executed,and a program 
instruction associated with the software program is intercepted when the software is 
being executed on the computer. A determination is then made to determine if the 
program instruction includes an operation that is outside of a degree of system-level 
access that is available to the software program, and if it is determined that the software 
program has permission to access system-level resources associated with the computer 
that are within the degree of system-level access available to the software, the program 
instruction is executed. 

Claim: 

• LA method for controlling the degree of access to operating system resources for 
a software program running on a computer which computer is running said 
operating system, the method comprising the steps of: 



(a) defining said degree of access to said operating system resources for said 
software program; 



(b) examining at least one file associated with said software program to determine 
the degree of system-level access available to said software program when said 
software program is being executed by said computer; 

(c) executing said software program on said computer; 

(d) intercepting a program instruction associated with said software program 
when said software program is being executed on said computer; 

(e) determining if said program instruction includes an operation that is outside 
said degree of system-level access available to said software program; and 

(f) executing said program instruction when it is determined that said software 
program has permission to access system-level resources associated with said 
computer that are within the degree of system-level access available to said 
software program. 
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Claim: 

1 . Verfahren (400) zum Steuern des Grads des Zugreifens zu 

Betriebssystemressourcen fur ein Softwareprogramm, das auf einem ersten 
Computer lauft, wobei der erste Computer das Betriebssystem ausfuhrt, wobei das 
Verfahren Folgendes aufweist: 

o Prufen (710) mindestens einer Datei (360), die zu dem Softwareprogramm 
gehort, um den Grad des Zugreifens zu Betriebssystemressourcen, der fur 



das Softwareprogramm verfugbar ist, wenn das Softwareprogramm von 
dem ersten Computer ausgefuhrt wird, zu bestimmen, wobei zumindest 
eine Datei (360) den Grad der Zugriffsprivilegien (364) zu 
Betriebssystemressourcen, der fur das Softwareprogramm verfugbar ist, 
wenn das Softwareprogramm auf dem ersten Computer ausgefuhrt wird, 
definiert, 

o Ausfuhren (604) des Softwareprogramms auf dem ersten Computer; 

o Abfangen (606) einer Programmanweisung, die zu dem 

Softwareprogramm gehort, wahrend das Softwareprogramm auf dem 
ersten Computer ausgefuhrt wird, 

o Bestimmen (612), ob die Programmanweisung eine Operation aufweist, 
die ausserhalb des Grads des Zugreifens auf Betriebssystemressourcen, 
der fur das Softwareprogramm verfugbar sind, liegt, und 

o Ausfuhren (608) der Programmanweisung durch den ersten Computer, 
wenn bestimmt wird, dass das Softwareprogramm die Erlaubnis hat, auf 
die Betriebssystemressourcen, die zu der Programmanweisung gehoren, 
innerhalb des Grads an Zugriffsprivilegien, die fur das Softwareprogramm 
verfugbar sind, wenn es auf dem ersten Computer lauft, zuzugreifen. 



1 . A method (400) for controlling the degree of access to operating system resources 
for a software program running on a first computer, wherein said first computer is 
running said operating system, the method comprising: 

o examining (710) at least one file (360) associated with said software 
program to determine the degree of access to operating system resources 
available to said software program when said software program is being 
executed by said first computer, wherein the at least one file (360) defines 
the degree of access privileges (364) to operating system resources 
available to said software program when said software program is being 
executed by said first computer; 
o executing (604) said software program on said first computer; 
o intercepting (606) a program instruction associated with said software 
program while said software program is being executed on said first 
computer; 

o determining (612) if said program instruction includes an operation that is 
outside said degree of access to operating system resources available to 
said software program; and 

o executing (608) said program instruction by said first computer when it is 
determined that said software program has permission to access the 
operating system resources associated with said program instruction 
within said degree of access privileges available to said software program 
when running on said first computer. 



1 . Procede (400) pour controler le degre d'acces aux ressources d'un systeme 

d'exploitation pour un programme logiciel execute sur un premier ordinateur, dans 
lequel ledit premier ordinateur execute ledit systeme d'exploitation, le procede 
comprenant les etapes consistant a: 

o examiner (710) au moins un fichier (360) associe au dit programme 
logiciel pour determiner le degre d'acces aux ressources de systeme 
d'exploitation disponibles pour ledit programme logiciel lorsque ledit 
programme logiciel est execute par ledit premier ordinateur, dans lequel le 
au moins un fichier (360) definit le degre de privileges d'acces (364) aux 
ressources de systeme d'exploitation disponibles pour ledit programme 
logiciel lorsque ledit programme logiciel est execute par ledit premier 
ordinateur; 

o executer (604) ledit programme logiciel sur ledit premier ordinateur; 

o intercepter (606) une instruction de programme associee au dit programme 

logiciel pendant que ledit programme logiciel est execute sur ledit premier 

ordinateur; 

o determiner (6 1 2) si ladite instruction de programme comprend une 
operation qui est a l'exterieur dudit degre d'acces aux ressources de 
systeme d'exploitation disponibles pour ledit programme logiciel; et 

o executer (608) ladite instruction de programme par ledit premier 
ordinateur lorsqu'il est determine que ledit programme logiciel a la 
permission d'acceder aux ressources de systeme d'exploitation associees a 
ladite instruction de programme a l'interieur dudit degre de privileges 
d'acces disponibles pour ledit programme logiciel lorsqu'il est execute sur 
ledit premier ordinateur. 
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Original Abstract: Methods, systems, and software for installing and operating selected 
software applications on a client computer that is in communication with a server 
computer on a computer network are described. In one aspect of the present invention, a 
method for controlling the degree of access to operating system resources for a software 
program running on a computer that is running said operating system is provided. The 
degree of access to the operating system resources is defined for the software program, 
and at least one file including instructions for executing the software program is loaded 
on the computer from the server computer. The file is examined to determine the degree 
of system-level access available to the software program when the software program is 
being executed by the computer. The software program is executed, and a program 
instruction associated with the software program is intercepted when the software is 
being executed on the computer. A determination is then made to determine if the 
program instruction includes an operation that is outside of a degree of system-level 
access that is available to the software program, and if it is determined that the software 
program has permission to access system-level resources associated with the computer 
that are within the degree of system-level access available to the software, the program 



instruction is executed. 
Claim: 

1 . A method for controlling the degree of access to operating system resources for a 
software program running on a first computer, wherein said first computer is 
running said operating system, the method comprising: 

o examining at least one file associated with said software program to 
determine the degree of system-level access available to said software 
program when said software program is being executed by said first 
computer, wherein the software program is constructed using said at least 
one file; 

o executing said software program on said first computer; 

o intercepting a program instruction associated with said software program 

while said software program is being executed on said first computer; 
o determining when said program instruction includes an operation that is 

outside said degree of system-level access available to said software 

program; and 

o executing said program instruction when it is determined that said 

software program has permission to access system-level resources that are 
within said degree of system-level access available to said software 
program. 



